RTC Forums
Topic: AutoSessions & Multiple Servers
Ryan
« on: October 13, 2016, 01:08:46 PM »

Hi Danijel,

I hope this message finds you well. It has been a while since I have asked for your help and hopefully you will be able to guide me again.

Is it possible to save the session data created by the AutoSessions code into a database? Either via an event or a hook in the code.

The background to this is one of our customers has security tested our system. Despite using SSL to protect the data, they would like to see the actual content bodies encrypted to stop "man in the middle" attacks. To comply, I've switched on ForceEncryption on the TRtcServerModule objects. This in turn has switched on AutoSessions. This all works well if one server is involved. Unfortunately, we split the load across two IIS web servers using the Kemp load balancer software. This is configured to use a round robin system, so the session is set up on server A and then rejected by server B. I've set up something similar in PHP & ASP.NET, the idea being that it doesn't matter which IIS server gets the function call; the system will be able to get the session data it needs from the database.

Many thanks for any guidance you can give me.

Kind regards,
Ryan
D.Tkalcec (RTC)
« Reply #1 on: October 13, 2016, 01:53:14 PM »

If you need advice in making the communication between your Clients and Servers secure, I strongly recommend consulting an expert in that field (like Henrick from StreamSec) instead of experimenting.

As for the "ForceEncryption" property, it activates proprietary RTC encryption which requires RTC Sessions to store RTC encryption objects on the Server, making the Server stateful and thus unsuitable for a setup with a Load Balancer using the round robin method.

Even if we disregard the performance penalty and other possible time- and connection-related issues, because RTC Sessions also keep pointers to custom in-memory objects with no mechanisms for serialization and deserialization (encryption objects included), you cannot simply move all RTC Session data to and from a Database.

Best Regards,
Danijel Tkalcec
Ryan
« Reply #2 on: October 13, 2016, 02:02:16 PM »

Hi Danijel,

Many thanks for the advice and contact information. I will see where this goes with the customer over the coming weeks.

Kind regards
Ryan